Redefining CyberSecurity

Sean Martin, ITSPmagazine
Sep 22, 2022 • 40min

Solving Modern-Day SOC Challenges | A Conversation With Chaz Lever | Second Annual SOC Analyst Appreciation Day | On Location Coverage Podcast With Sean Martin And Marco Ciappelli

The threat landscape has changed. The technology landscape has evolved. The security operations center analysts and researchers have had to do the same.

In this special event coverage episode, we connect with the Senior Director of Security Research at Devo, Chaz Lever, to discuss the past, present, and future of technology, behavior, tactics, techniques, tools, training, leadership, community, and more.

Want more on this topic? Be sure to watch the live stream of the Second Annual SOC Analyst Appreciation Day: https://itspm.ag/devo2p8i

Guest
Chaz Lever
Senior Director, Security Research at Devo [@devo_Inc]
On Linkedin | https://www.linkedin.com/in/chazlever/
On Twitter | https://twitter.com/chazlever

For more SOC Analyst Appreciation Day Event Coverage podcast and video episodes visit: https://itspmagazine.com/second-annual-soc-analyst-appreciation-day

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Sep 14, 2022 • 52min

DDoS: An Old Problem Taking On New Forms As Attack Vectors Evolve | Exploring The Imperva DDoS Threat Landscape Report | An Imperva Brand Story With David Elmaleh

The “waves” of ransom-driven DDoS — Distributed Denial of Service — attacks continue to come as the attack vectors, techniques, and targets continue to evolve. Where does this leave us? Let's look to the DDoS Threat Landscape Report from Imperva to glean some answers.

As we connect with David Elmaleh during this episode, we quickly realize there is a lot to catch up on — past, present and future — for what appears to be a never-ending problem in DDoS. Attacks seem to be repeatedly targeting the same victims and are coming more quickly and running for shorter periods. Don't be fooled, however: the financial impact due to the unplanned and seemingly uncontrolled downtime is wreaking havoc on industries and organizations all around the globe.

In addition to leveraging new techniques, bad actors are also using advanced technologies — artificial intelligence, the Internet of Things (IoT), and 5G to name but a few — to do their dirty deeds. They are investing in these technologies to help them scale their operations to reach more targets with fewer resources. On the other side of this coin, the bad actors' deep understanding of these technologies and the new, modern architectures and infrastructures that companies are building with them, makes them prime targets as well. The expanded business capabilities using these advanced technologies equate to expanded attack surface for the DDoS slingers to target.

We cover a lot from the first 2 quarters of this quarterly report while also getting to hear what some real-world cases from Imperva customers sound and look like.

It's time we found a way to handle these distributed attacks. Have a listen to hear what your business can do to mitigate this risk.

Note: This story contains promotional content. Learn more.

Guest
David Elmaleh
Director, Product Management | Edge Cloud Security at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/davidelmaleh/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Explore the DDoS Threat Landscape Report Q2 2022: https://itspm.ag/impervqi54

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Sep 14, 2022 • 51min

Vulnerable, Targeted, And Exploited IoT Devices: Take The Necessary Steps To Discover Assets And Remediate The Risk | A Crucial Conversation With Brian Contos

Large enterprises and government agencies deploy thousands of Internet of Things (IoT), Operational Technology (OT), and other network-connected devices. But many severely underestimate the count, and many more do not manage these devices to ensure the latest security measures are in place. This includes up-to-date firmware and strong passwords. Knowing this, the cybercriminal community focuses on these devices and environments. They are more vulnerable than primary IT infrastructures and offer an easy way to breach digital assets and move laterally without discovery across an organization’s broader infrastructure.

In this episode, Brian Contos, Chief Security Officer for Phosphorus Cybersecurity, presents insights and examines the risks to IoT, OT, and network devices and the issues they can cause to an organization's overall IT infrastructure. The article also demonstrates how devices are attacked and presents ways to overcome the risks to ensure digital assets remain safe.

Community Member Contributor: Brian Contos
Chief Security Officer for Phosphorus Cybersecurity [@phosphorusinc]
On Twitter | https://twitter.com/BrianContos
On LinkedIn | https://www.linkedin.com/in/briancontos/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Sep 9, 2022 • 50min

Automated Security Validation With Red Team Penetration Testing Software | There Is A Silver Lining | A Pentera Brand Story With Aviv Cohen

This is a story that begins with the journey of Arik Liberzon, the founder and CTO and head of the R&D and product teams at Pentera. Arik was the head of the red team for the Israeli Defense Forces, chartered with pentesting — or red teaming — all of the strategic assets against nation state levels of threats. He did so with a great number of people, just like you would expect to do with an enterprise level red teaming program, tapping into a wealth of ethical hackers and red teamers. But he also had another part of his brain, which was all about software. Arik fused the two mindsets and had an a-ha moment that 'I can do everything that I'm doing here with people and I can do it in software. I can shrink wrap a red team in a box of software and give every enterprise in the world the ability to red team irrespective of their budget. I can give every business the power of a big red team army, delivered through software.'

This story, and the broader capabilities, mission, and vision for the future at Pentera, was told to us by Aviv Cohen, Pentera's Chief Marketing Officer. Connecting the human element to software and operations, the team at Pentera believes that it is important to have a human view for the challenges organizations face when managing their security programs. This is why Pentera created a series of cyber cartoons that are specialized to represent cybersecurity life. The cartoons connect the life of cybersecurity personnel and their role in society. This is a way for us to laugh, adding some humor to reality, connecting the technology products and services that we provide to this reality.

The software-enabled red team army is here and ready to join your team. Have a listen and connect with the team at Pentera to begin and continue your own red team journey.

Note: This story contains promotional content. Learn more.

Guest
Aviv Cohen
Chief Marketing Officer at Pentera [@penterasec]
On Linkedin | https://www.linkedin.com/in/avivco/

Resources
Be sure to visit Pentera at https://itspm.ag/pentera-tyuw to learn more about their offering.
Meet Pentera Labs: https://itspm.ag/penteri67a
Browse the cybertoon series: https://itspm.ag/penttoon

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Sep 1, 2022 • 38min

From Fighting Crime As A Former Federal Prosecutor To Protecting Cyberspace As The CSO At A Multi-National Tech Company | A Conversation With Huawei USA CSO Andy Purdy | Redefining CyberSecurity Podcast With Sean Martin

When a multi-national technology company needs to manage cyber risk on a global scale while not losing sight of the regional and local aspects of the business, one way to accomplish this is through regional and global committees comprised of multiple business functions.

A mixed global and regional view can help to determine budgetary needs to ensure security management and operations function in support of the business in a way that remains focused on minimizing the threat and impact of a cyber incident. Doing so also encourages a culture of security maturity where the business recognizes the value that the security function brings to the table as the company defines, architects, and builds its business, operations, and technology stack that makes everything possible.

Join us for an in-depth conversation with the Chief Security Officer (CSO) at Huawei Technologies USA, Andy Purdy, as we explore how an organization can better prepare its security teams, operations, and committees to ensure each is poised to be resilient and sustainable for the bigger picture and the long term.

Guest
Andy Purdy
Chief Security Officer (CSO) at Huawei Technologies USA [@Huawei]
On LinkedIn | https://www.linkedin.com/in/andy-purdy-9b1b554/
On Twitter | https://twitter.com/andy_purdy

This Episode’s Sponsors
Pentera | https://itspm.ag/pentera-tyuw
Edgescan | https://itspm.ag/itspegweb

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Resources
Inspiring post: https://www.forbes.com/sites/forbestechcouncil/2022/07/11/why-we-need-accountability-for-effective-cybersecurity-frameworks/?sh=1a055eb45e62

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Aug 31, 2022 • 41min

Pentesting Done Right | It's Time To Re-Imagine Your Penetration Testing Program To Achieve Outcomes Over Activity | A Bugcrowd Brand Story With Justin Kestelyn

Traditional penetration testing has been a cornerstone of effective cybersecurity for decades, providing a vital baseline function for every security practice. But in the face of today's rapidly proliferating and diversifying cyberattacks, its consulting-heavy service delivery model is looking and feeling its age.

Join us for a conversation with Justin Kestelyn as we take a unique journey into the past, present, and future of penetration testing. We get the opportunity to explore how the role of a pentest has evolved as part of a more extensive security program, how the tools have evolved, how the technique and skills have transformed, and how the human element is still crucial when outcomes matter more than just showing the results of a scan.

It's time to re-imagine penetration testing. So let's do that together now.

Have a listen.

Note: This story contains promotional content. Learn more.

Guest
Justin Kestelyn
Head Of Product Marketing at Bugcrowd [@Bugcrowd]
On Twitter | https://twitter.com/kestelyn
On Linkedin | https://www.linkedin.com/in/justinkestelyn/

Resources
Be sure to visit Bugcrowd at https://itspm.ag/itspbgcweb to learn more about their offering.
eBook | See Security Differently™ Penetration Testing as a Service Done Right: https://itspm.ag/bugcro2ky8

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Aug 31, 2022 • 47min

What Every CISO Needs To Know About Crisis Management Planning | A Crucial Conversation With Jasper Ossentjuk

As world events have demonstrated these past couple of years, crisis management is a requisite for doing business in today’s world. CISOs have choices to make in the face of the next crisis that’s sure to come: either plan ahead or react.

Those who do plan, practice, and engage the full support of the enterprise often reduce the impact of a crisis in terms of business disruptions, cost to recover, and lost revenue.

In this episode, Jasper Ossentjuk, SVP and CFO for Nielsen IQ, discusses what every CISO needs to know about crisis management planning and how it differs from business continuity and disaster recovery planning. Ossentjuk also examines how to determine if an organization is crisis resilient and the critical role a CISO plays in facilitating the necessary conversations to create crisis management plans. Ossentjuk also offers tips for formulating strategies and emphasizes the need to practice the procedure so that organizations can be flexible in reacting to unexpected crises.

Community Member Contributor: Jasper Ossentjuk
SVP and CFO for Nielsen IQ [@NielsenIQ]
On LinkedIn | https://www.linkedin.com/in/jasperossentjukciso/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
Aug 26, 2022 • 43min

Device Security, Consumer Privacy, And The Internet Of Things | Mapping International Laws And Regulations To The Internet | A Conversation With David Rogers | Redefining CyberSecurity Podcast With Sean Martin

The current state of IoT security and privacy may look different to many people, businesses, and governments. This discrepancy could be a problem. With so many different viewpoints, it can be challenging to raise the bar and protect society from the technologies they are using.

In this episode with security researcher and privacy advocate David Rogers, we explore how organizations can leverage the work legislators and industry standards bodies such as ETSI are producing to help their operations (product development, IT operations, security operations, and more) bring consumer devices to market with security and privacy built in. We even discuss the value of translating codes of practice into multiple languages to help bridge the gap and remove the barriers to gaining traction with best practices around the world.

Also, there's a lot that goes into creating a standard that gets published or a bill that gets passed into law. That journey, the way different individuals look at it, write it, and translate it into something that can actually be applied — and then audited and enforced — can be very tricky. For example, if the law includes the word "timely," what does that actually mean in practice? David and I get to discuss this a bit as well, as this is something that may not be well understood.

There's a shout-out to Aaron Guzman [@scriptingxss] re: the work he and others are doing at the Cloud Security Alliance [@CloudSA] and OWASP [@OWASP].

Have a listen.

Guest
David Rogers
Founder and CEO at Copper Horse Ltd [@copperhorseuk]
On LinkedIn | https://www.linkedin.com/in/davidrogersuk/
On Twitter | https://twitter.com/drogersuk

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Resources
Inspiring post: https://www.linkedin.com/posts/davidrogersuk_mapping-security-privacy-in-the-internet-activity-6929775703894728704-v3Zc
The Long Road to a Law on Product Security in the UK: https://mobilephonesecurity.org/2021/11/the-long-road-to-a-law-on-product-security-in-the-uk/
Product Security and Telecommunications Infrastructure Bill: https://bills.parliament.uk/bills/3069
ETSI EN 303 645: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf
Podcast | Black Hat 25 & DEF CON 30 Live Streaming Coverage With ITSPmagazine | David Rogers: https://redefining-cybersecurity.simplecast.com/episodes/black-hat-25-def-con-30-live-streaming-coverage-with-itspmagazine-david-rogers-redefining-cybersecurity-podcast-with-sean-martin-and-marco-ciappelli

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Aug 24, 2022 • 50min

Diving Deeper Into The Who, What, When, Why, And How Of Breaking Into Cybersecurity | Chapter 2 | A Level Effect Brand Story With Anthony Bendas, Will Nissler, And Sidney Crout

There are so many questions that come with pursuing a cybersecurity career and education. Listen as we answer many of these questions and discuss how Level Effect sets its students up for success.

We go into detail about who might be a good fit to work in cybersecurity (hint: almost anyone!), what types of information students will need to know and what skills lend themselves to catching on to the learning materials quickly, when it might be a good time to start taking the next step in your education or career process, where you can go now to find resources, and why Level Effect strives to help its students every step of the way if they are willing to put in the work!

This episode also sheds light on the four professionals speaking, and many others, who have taken a similar "non-traditional path" to make their way into successful cybersecurity careers.

Note: This story contains promotional content. Learn more.

Guests
Anthony Bendas
COO at Level Effect [@Level_Effect]
On Twitter | http://www.twitter.com/anthonybendas
On Linkedin | https://www.linkedin.com/in/anthonybendas/

Will Nissler
Infrastructure Lead & Cybersecurity Instructor at Level Effect [@Level_Effect]
On Twitter | https://www.twitter.com/HedNDaCloud
On Linkedin | https://www.linkedin.com/in/william-nissler-770583188/

Sidney Crout
CDCP Certified Graduate of Level Effect, Threat Hunter at Confidential
On Linkedin | https://www.linkedin.com/in/sidney-c-1270a7ab/

Resources
Be sure to visit LevelEffect at https://itspm.ag/level-effect-66xu to learn more about their offering.
Level Effect's FREE Cybersecurity Foundations Course: https://itspm.ag/le609cc1

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Aug 24, 2022 • 43min

The Flip Side Of Cybersecurity | Law & Policy | A Conversation With K Royal, PhD, JD | Redefining CyberSecurity Podcast With Sean Martin

It may be a relatively easy connection to make - cybersecurity and privacy. But what about legal and operations and third-party products and services? Mix these things together, and some things get easier to understand ... yet some things get harder to manage.

Cybersecurity lawyers are a growing need as those who implement controls often don't understand the laws. It is closely related to privacy law, so an ideal would be a cybersecurity and privacy lawyer. Join us as we explore this connection and the impact these roles (or combined role) can have on an organization.

Guest
K Royal, PhD, JD
Global Privacy Officer at Outschool [@outschool]
On Twitter | https://twitter.com/heartofprivacy
On LinkedIn | www.linkedin.com/in/kroyal
Serious Privacy Podcast [@PodcastPrivacy] | https://seriousprivacy.buzzsprout.com/

This Episode’s Sponsors
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

Resources
SOC2 reports explained: https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report
ISO privacy and security article: https://www.iso.org/news/ref2419.html
ISO27001: https://www.iso.org/isoiec-27001-information-security.html
ISO27701: https://www.iso.org/standard/71670.html

Other frameworks mentioned
NIST privacy framework: https://www.nist.gov/privacy-framework
Cloud Security Alliance Cloud Controls Matrix: https://cloudsecurityalliance.org/research/cloud-controls-matrix/

Inspiration for this episode | Cybersecurity or Privacy Woman Law Professional 2022: https://www.linkedin.com/posts/carmenmarsh_cybersecuritywomanoftheyear-cswy2022-womenincyber-activity-6952128839116369920-TxZU/

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
